splunk-iam-user.yaml
---

Splunk IAM User CloudFormation Deployment

This CloudFormation template deploys an IAM user and a customer managed policy that grants the permissions Splunk needs to read from the configured S3 buckets and to query the other AWS services listed in the policy below.

AWSTemplateFormatVersion: '2010-09-09'
Description: IAM User for Splunk

Parameters

These are the input parameters for this template. The only parameter has a default, so the stack deploys without overriding it, but the default bucket ARNs are placeholders and should be replaced with the buckets Splunk actually reads from.

Parameters:

BucketARNs is the list of S3 ARNs that the s3:GetObject statement below is scoped to. Because s3:GetObject acts on objects, each entry needs a trailing wildcard so that it matches object ARNs and not only the bucket ARN. Note that an IAM * matches any run of characters, including /, so arn:aws:s3:::bucket1* also matches every bucket whose name merely starts with bucket1 (for example arn:aws:s3:::bucket1-backups/...); arn:aws:s3:::bucket1/* restricts the match to objects inside that one bucket.

  BucketARNs:
    Type: CommaDelimitedList
    Description: Comma separated list of full S3 ARNs to allow access to Splunk. Be sure to include the trailing *.
    Default: arn:aws:s3:::bucket1*,arn:aws:s3:::bucket2*

Metadata

Metadata here only groups and labels the Parameters so they are presented more clearly when the template is launched from the CloudFormation web console; it has no effect on the deployed resources.

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Configuration
        Parameters:
          - BucketARNs

Resources

These are all of the resources deployed by this template.

Resources:

IAM User

This creates the IAM user. No console login profile and no access key are created by the template; the access key that Splunk authenticates with must be created separately after the stack is deployed.

  IAMUser:
    Type: AWS::IAM::User

IAM Policy

A customer managed policy that is attached to the user through its Users property.

  SplunkPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:

Allow object reads, scoped to the ARNs supplied in BucketARNs.

          - Effect: Allow
            Action:
              - s3:GetObject
            Resource: !Ref BucketARNs

All remaining actions are granted on every resource (Resource: "*"). Most of them are Describe, Get and List reads, but sqs:ReceiveMessage, sqs:SendMessage, sqs:DeleteMessage, sns:Publish and config:DeliverConfigSnapshot change state; the SQS and SNS actions can be restricted to the specific queue and topic ARNs Splunk uses once those are known. s3:ListBucket on "*" also lets the user list the contents of any bucket in the account, not only the buckets in BucketARNs.

          - Effect: Allow
            Action:
              - sqs:GetQueueAttributes
              - sqs:ListQueues
              - sqs:ReceiveMessage
              - sqs:GetQueueUrl
              - sqs:SendMessage
              - sqs:DeleteMessage
              - s3:ListBucket
              - s3:GetBucketLocation
              - s3:ListAllMyBuckets
              - config:DeliverConfigSnapshot
              - config:DescribeConfigRules
              - config:DescribeDeliveryChannels
              - config:DescribeConfigRuleEvaluationStatus
              - config:GetComplianceDetailsByConfigRule
              - config:GetComplianceSummaryByConfigRule
              - iam:GetUser
              - autoscaling:Describe*
              - cloudwatch:Describe*
              - cloudwatch:Get*
              - cloudwatch:List*
              - sns:Get*
              - sns:List*
              - sns:Publish
              - logs:DescribeLogGroups
              - logs:DescribeLogStreams
              - logs:GetLogEvents
              - ec2:DescribeInstances
              - ec2:DescribeReservedInstances
              - ec2:DescribeSnapshots
              - ec2:DescribeRegions
              - ec2:DescribeKeyPairs
              - ec2:DescribeNetworkAcls
              - ec2:DescribeSecurityGroups
              - ec2:DescribeSubnets
              - ec2:DescribeVolumes
              - ec2:DescribeVpcs
              - ec2:DescribeImages
              - ec2:DescribeAddresses
              - lambda:List*
              - rds:DescribeDBInstances
              - cloudfront:ListDistributions
              - cloudfront:Get*
              - elasticloadbalancing:DescribeLoadBalancers
              - elasticloadbalancing:DescribeInstanceHealth
              - inspector:Describe*
              - inspector:List*
              - kinesis:Get*
              - kinesis:Describe*
              - kinesis:List*
              - cloudtrail:DescribeTrails
            Resource: "*"
      Users:
        - !Ref IAMUser
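The two scoping points above (the trailing * on the bucket ARNs and the non-read actions granted on Resource "*") can be checked offline before the stack is deployed. The script below is an added example and is not part of the template or of Splunk's tooling; it carries a constructed, abbreviated copy of the policy's two statements with the BucketARNs default substituted for !Ref BucketARNs, and the object ARNs it tests against are made up for illustration.

```python
"""Offline checks on the Splunk policy: S3 ARN scoping and unscoped non-read actions.

Added example, not part of the template. STATEMENTS is a constructed copy of
the template's PolicyDocument (action list abbreviated) with the BucketARNs
default substituted for !Ref BucketARNs.
"""
import re

BUCKET_ARNS = ["arn:aws:s3:::bucket1*", "arn:aws:s3:::bucket2*"]

STATEMENTS = [
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": BUCKET_ARNS},
    {
        "Effect": "Allow",
        "Action": [  # abbreviated from the template's second statement
            "sqs:GetQueueAttributes", "sqs:ListQueues", "sqs:ReceiveMessage",
            "sqs:GetQueueUrl", "sqs:SendMessage", "sqs:DeleteMessage",
            "s3:ListBucket", "s3:GetBucketLocation", "s3:ListAllMyBuckets",
            "config:DeliverConfigSnapshot", "config:DescribeConfigRules",
            "iam:GetUser", "autoscaling:Describe*", "cloudwatch:Get*",
            "sns:Get*", "sns:List*", "sns:Publish", "logs:GetLogEvents",
            "ec2:DescribeInstances", "lambda:List*", "cloudtrail:DescribeTrails",
        ],
        "Resource": "*",
    },
]


def iam_match(pattern: str, value: str) -> bool:
    """IAM-style wildcard match: '*' matches any run of characters, including
    '/', and '?' matches exactly one character. Everything else is literal."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value) is not None


def matching_patterns(patterns, arn):
    """Which of the given resource patterns grant access to this ARN."""
    return [p for p in patterns if iam_match(p, arn)]


def tighten_bucket_arn(arn: str) -> str:
    """Rewrite 'arn:aws:s3:::name*' as 'arn:aws:s3:::name/*' so it matches
    objects inside that one bucket, not every bucket whose name starts with
    'name'. s3:GetObject only ever needs object ARNs, so the bucket ARN itself
    is not required."""
    if arn.endswith("/*"):
        return arn
    base = arn[:-1] if arn.endswith("*") else arn
    return base.rstrip("/") + "/*"


def unscoped_non_read_actions(statements):
    """Allow actions granted on Resource '*' whose verb is not Describe/Get/List.
    These are the candidates for scoping to specific queue/topic ARNs."""
    found = []
    for st in statements:
        if st["Effect"] != "Allow":
            continue
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if "*" not in resources:
            continue
        for action in st["Action"]:
            verb = action.split(":", 1)[1]
            if not verb.startswith(("Describe", "Get", "List")):
                found.append(action)
    return found


if __name__ == "__main__":
    # Constructed ARNs: the bucket itself, an object in it, and an object in a
    # different bucket that merely shares the name prefix.
    tightened = [tighten_bucket_arn(p) for p in BUCKET_ARNS]
    for arn in ["arn:aws:s3:::bucket1",
                "arn:aws:s3:::bucket1/logs/2024/a.json",
                "arn:aws:s3:::bucket1-backups/secret.txt"]:
        print(arn, "-> template:", matching_patterns(BUCKET_ARNS, arn),
              "| tightened:", matching_patterns(tightened, arn))
    print("non-read actions on Resource *:", unscoped_non_read_actions(STATEMENTS))
```

Running it shows that the template's default arn:aws:s3:::bucket1* grants s3:GetObject on arn:aws:s3:::bucket1-backups/secret.txt as well, while the tightened arn:aws:s3:::bucket1/* does not, and it lists the SQS, SNS and Config actions that are granted account-wide.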

Outputs

Output values that can be viewed from the AWS CloudFormation console; the user name is needed when creating the access key for Splunk.

Outputs:
  IAMUser:
    Value: !Ref IAMUser